The Approved Contractor Scheme (ACS) is built around seven criteria. These are the pillars the SIA uses to assess whether a security company is operating to the standard required for accreditation. Each criterion covers a distinct area of your business, from how you screen your staff to how you respond to complaints.
Understanding what each criterion requires is the foundation of any serious ACS preparation. This guide breaks each one down clearly.
Criterion 1: SIA Licence Management
Every operative deployed in a licensable role must hold a valid, in-date SIA licence. This is not just an ACS requirement. It is a legal requirement under the Private Security Industry Act 2001. Deploying an unlicensed guard is a criminal offence.
For ACS purposes, you need more than a one-time check. You need a system that monitors licence expiry dates in advance and flags operatives whose licences are approaching renewal or have lapsed. Assessors want to see that your business has controls in place to prevent non-licensed individuals from being scheduled to site.
It is worth noting that the licence requirement applies to operatives in licensable roles. Administrative staff, control room operators, and management personnel who do not perform licensable activities are not required to hold an SIA licence.
Criterion 2: Staff Vetting (BS 7858)
BS 7858 is the British Standard for vetting personnel who work in positions of trust, including the security industry. Under this standard, new hires must undergo a minimum five-year employment and identity check before being deployed.
The vetting process includes verifying identity documents, confirming previous employment history, checking for any gaps in that history, and conducting a criminal record check. The standard also requires that vetting is reviewed periodically and that records are maintained and accessible.
For ACS, assessors want to see that vetting has been completed correctly for all staff, that records are stored appropriately, and that your business has a process for handling vetting that comes back with concerns. Incomplete or missing vetting records are one of the most common ACS failure points.
Read our full guide to BS 7858 vetting
Criterion 3: Training and Development
This criterion covers the ongoing development of your workforce. It is not enough to confirm that staff hold their front-line SIA licence. Assessors want to see a structured approach to training that includes induction, ongoing development, and a record of what training each individual has completed.
Training records need to be accurate and current. If a guard attended a first aid course two years ago and the certificate has expired, that record should reflect the current status, not just the completion date. A training matrix that shows every operative’s qualifications, expiry dates, and upcoming renewal requirements is the kind of evidence that demonstrates a well-managed development programme.
This criterion also covers management development. If you have supervisors and managers, their professional development should be planned and tracked too.
Criterion 4: Assignment Instructions
Assignment instructions are the documented procedures that tell a guard exactly what to do at a specific site. They cover access routes, emergency procedures, escalation contacts, restricted areas, reporting requirements, and any site-specific risks or rules.
Every site your company operates must have assignment instructions. They must be relevant and up to date. A document that was written two years ago and never reviewed is not a compliant assignment instruction, it is a liability. Assessors will check that instructions are site-specific, that guards have confirmed they have read and understood them, and that they are reviewed regularly.
Good assignment instructions are also a critical tool for reducing incident risk. A guard who knows exactly what to do in an emergency is far safer than one working from memory or assumptions.
Criterion 5: Risk Assessments
Every assignment your company operates must be supported by a formal risk assessment. This means identifying the hazards at each site, assessing the likelihood and severity of harm, and documenting the controls you have put in place to reduce that risk.
Risk assessments must be site-specific. A generic document applied to every contract will not satisfy an assessor. They should be reviewed when circumstances change, for example when a site’s use changes, when an incident occurs, or on a defined periodic basis.
Linked to assignment instructions, risk assessments provide the evidence that your company has thought carefully about the environment in which its staff are working and has taken appropriate steps to protect them.
Criterion 6: Key and Asset Management
Many security assignments involve the management of keys, access cards, vehicles, equipment, or other sensitive assets. This criterion covers your processes for controlling and recording the movement of these items.
A key register is the most common form of evidence. It records which keys exist, who holds each key, when they were signed out and returned, and the condition of the item. For sites with significant key holdings, this register must be current and accurate at all times.
This criterion is broader than just keys. Any asset that could be misused, lost, or stolen, and where that loss would have significant consequences, should be tracked. Assessors want to see that your company takes asset control seriously and has systems to demonstrate accountability.
Criterion 7: Complaints and Quality
How a company handles complaints says a great deal about its culture. This criterion requires a formal complaints procedure, a record of complaints received, and evidence of how each one was handled and resolved.
The SIA is not expecting a zero-complaint business. What it wants to see is that complaints are taken seriously, investigated properly, and used as an opportunity to improve. A complaint log that shows a complaint was received, investigated, and that changes were made as a result is more compelling than a company that claims to have received none.
This criterion also encompasses broader quality management. Internal audits, management reviews, and KPI tracking all contribute to demonstrating that your company is actively monitoring its own performance and making improvements.
Managing All Seven Criteria in One Place
The challenge for most security companies is not understanding what each criterion requires. It is maintaining the evidence across all seven areas consistently, every day, not just in the week before an assessment.
That is the operational problem that purpose-built compliance software solves. TacDesk’s ACS Compliance Module tracks all seven criteria in a single platform, with real-time dashboards showing your compliance position across every area.
Explore how TacDesk tracks ACS compliance, or see how TacDesk Verified Compliance works as a parallel standard that runs alongside the SIA’s own scheme.
Ready to see it in action? Book a demo at tacdesk.co.uk. Plans start from £49/month, and there are no setup fees or long-term contracts.